-------- Original-Nachricht -------- > Datum: Thu, 20 Sep 2007 19:10:31 +0100 > Von: "Riaan Kok" <[EMAIL PROTECTED]> > An: [email protected] > Betreff: 4xx or 5xx: just a matter of taste?
> (starting a new thread as this is a bit of a heavy post, and doesn't quite > belong under the previous question/subject) > > On 19/09/2007, Robert Felber <[EMAIL PROTECTED]> wrote: > > > > On Wed, Sep 19, 2007 at 09:56:48AM +0100, Riaan Kok wrote: > > > What's the thinking behind choosing between 450s and 550s in > > > policyd-weight? > > > > Be more specific? > > > It seems to me that in policyd-weight, by default, 450s are used for > clients > with DNS errors or client connections with a lowish score (and stuff > shortcircuited in the DEFER_STRING), and 550s then for everything else: > high > scoring clients, multi-RBL-listed clients, etc. > > I'm not sure that I understand the reasoning that has gone before here > (especially, why being listed in spamcop (IN_SPAMCOP) or having a bogus > mx > record would shortcircuit the default reject to the defer_action?). > > > Anyway, my understanding of 4xx versus 5xx is this: a 4xx (defer) from an > MTA means go-away-and-try-again-later (keeping the responsibility with the > client), and a 5xx pretty much means go-away-and-notify-the-sender > (shifting > the responsibility to the sender). > > By far the most of the messages that gets rejected by policyd-weight in > sheer numbers seems to be by hardcore listed spamfountains, and it doesn't > really matter how you reject the msg as long as you don't allow it! Also, > these clients will just keep on inventing new messages and senders so it > doesn't matter whether you defer or reject, they will sit there and hog > your > smtpd processes and try and try again. In the worst case, 5xx rejects on > these will create scatter to faked senders. > > The remaining percentage of rejected messages will be from > poorly-configured-yet-well-meaning clients, where the SENDER is either an > uncaring webmailer or server daemon, or a clueless human with no idea or > control over the reason for the reject.. And the most reliable way of > notifying the administrator of the offending client (rather than the > clueless sender) seems to me to be: letting a queue grow on his/her server > by issuing 4xx defers! Which will allow all non-expired messages to be > delivered anyway as soon he/she gets around to fixing the client's problem > (RBL/HELO/etc). > > Soo, I'm not quite sure in what scenario one would ever want to use a 5xx > reject for policy stuff. > > The last piece of the puzzle is that there seems to be a growing tendency > to > recommend using 421 actions for some RBLs, as recent Postfix versions > (2.3+, > I think) treat 421 (closing channel) actions quite literally: the server > process does just that, it closes the channel, disconnecting without > waiting > for the client to issue a QUIT, freeing up the smtpd process for a new, > hopefully legit, incoming connection. > > Here's what I'm thinking: > Why not use 421 across the board in policyd-weight? > 421 would be good for all using Postfix >= 2.3.0. > my regards, > Riaan -- Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten Browser-Versionen downloaden: http://www.gmx.net/de/go/browser ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/
